cli-oss-scout
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes untrusted content from external sources such as GitHub repository READMEs and metadata. Malicious instructions hidden in these external sources could potentially influence the agent's behavior during the evaluation process.
- Ingestion points: Step 1 and Step 2 instructions involve using WebFetch to retrieve data from external URLs and search results.
- Boundary markers: The instructions do not define clear boundaries or provide warnings to the agent to disregard instructions found within the fetched content.
- Capability inventory: The skill utilizes tools such as Bash, Write, and Edit, which could be misused if an injection attack is successful.
- Sanitization: There is no requirement or method described for sanitizing or validating external data before the agent processes it.
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and repository facts from GitHub, which is a well-known and trusted service. This activity is central to the skill's intended purpose of triaging open-source tools.
Audit Metadata